none
Event IDs 5805 and 5723 are reported in the System Event Log

    Question

  • Hi everyone,

    We are getting the following errors on some computers:

    --------------------------------------------------------------------------------------------------------------------------------
    Source:        NETLOGON
    Date:          4/7/2007 12:50:01 AM
    Event ID:      5805
    Task Category: None
    Level:         Error
    Keywords:      Classic
    User:          N/A
    Computer:      SP01DC12K3
    Description:
    The session setup from the computer SPVS018 failed to authenticate. The following error occurred:
    Access is denied.


    Source:        NETLOGON
    Date:          4/7/2007 12:41:46 AM
    Event ID:      5723
    Task Category: None
    Level:         Error
    Keywords:      Classic
    User:          N/A
    Computer:      SP01DC12K3
    Description:
    The session setup from computer 'SPVS018' failed because the security database does not contain a trust account 'SPVS018$' referenced by the specified computer. 

    USER ACTION 
    If this is the first occurrence of this event for the specified computer and account, this may be a transient issue that doesn't require any action at this time.  If this is a Read-Only Domain Controller and 'SPVS018$' is a legitimate machine account for the computer 'SPVS018' then 'SPVS018' should be marked cacheable for this location if appropriate or otherwise ensure connectivity to a domain controller  capable of servicing the request (for example a writable domain controller).  Otherwise, the following steps may be taken to resolve this problem: 

    If 'SPVS018$' is a legitimate machine account for the computer 'SPVS018', then 'SPVS018' should be rejoined to the domain. 

    If 'SPVS018$' is a legitimate interdomain trust account, then the trust should be recreated. 

    Otherwise, assuming that 'SPVS018$' is not a legitimate account, the following action should be taken on 'SPVS018': 

    If 'SPVS018' is a Domain Controller, then the trust associated with 'SPVS018$' should be deleted. 

    If 'SPVS018' is not a Domain Controller, it should be disjoined from the domain.

    --------------------------------------------------------------------------------------------------------------------------------
    When we search for the computer object in AD, its not there.  The workaround for this problem has been to rejoin the computer to the domain.  But, since the problem started, we probably have rejoined almost 60 computers to the domain, so we must stop this pattern asap.

    Today, I run the command NLTEST /SC_RESET: <DOMAIN_NAME> to reset the secure channel as a preventive measure, but I'm not sure if this will help me find the root cause of the problem.

    Any comments will be really appreciated.

    Ivan

    Tuesday, January 12, 2010 5:05 AM

Answers

  • Hi, people...
    for the first problem - the event id 5805 5723 Source: Netlogon - this post asks for solution, I have a clue and a tip for you...
    Normally, it happens if you use ghost or any other image software to distribute OS without "preparing" the reference computer first.
    To solve this problem, next time you create an image to distribute, execute sysprep.exe first.... then you use the ghost softwate to distribute.
    Hope this can help you....
    if you need some more information, reply to this post than I come back here.....

     

    • Marked as answer by Wilson Jia Tuesday, January 19, 2010 4:58 AM
    Friday, January 15, 2010 1:46 PM

All replies

  • Hi,

    I am quoting Microsoft reference here. Hope these links will helps to find solution

    Event ID:      5805

    Event

    Root Cause

    Solution

    Net Logon Event ID 5805

    A machine account failed to authenticate, which is usually caused by either multiple instances of the same computer name, or the computer name has not replicated to every domain controller.

    If you do not find multiple instances of the computer name, verify that replication is functioning http://technet.microsoft.com/en-us/library/bb727062.aspx for the domain that contains the computer account.



    Event ID: 5723
    Source: NetLogon
    Version: 5.0
    Symbolic Name: NELOG_NetlogonServerAuthNoTrustSamAccoun
    Message: The session setup from the computer %1 failed because there is no trust account in the security database for this computer. The name of the account referenced in the security database is %2.
       
    Explanation

    The account might not exist in the security database.

       
    User Action

    Verify that the account exists. If the account exists, contact your network administrator to check the cause of the problem.


    Regards from www.windowsadmin.info
    Tuesday, January 12, 2010 5:33 AM
  • Hi,

    Check to see if the Computer Account exists in the Domain. If it does then try and access the shares of the Domain Controller (\\Servername\Sharename)

    This would verify the Secure Channel between the Domain Machines and the Domain Controller. If the Secure Channel is vroken and you get errors like "Target Principal Name Incorrect" than you will have to Unjoin and Re-Join the Machines back to the Domain. The same soultion goes if you don't find the Machine Accounts listed in Active Directory.

    Cheers,
    Nitin
    Tuesday, January 12, 2010 10:33 AM
  • Computer Accounts does not exist in AD.  Something is deleting the object in AD.

    We have been Unjoin and Re-Join the machines back to the Domain as a workaround BUT we need a better solution to this problem.

    Any idea on how to stop this from happening?

    Thanks,
    Ivan
    Tuesday, January 12, 2010 1:53 PM
  • Hi Ivan,

    If we know the problem and the resolution to it then we should now look for the reasons why this has been happening. I would suggest you to enable 'Account Management Auditing' in the Domain to know who is deleting Computer Accounts from Active Directory.

    Please refer to the following Article for more details. The Article also lists the Events you will get when any action is performed on AD Objects.

    http://technet.microsoft.com/en-us/library/cc737542(WS.10).aspx

    Cheers,
    Nitin
    Tuesday, January 12, 2010 3:26 PM
  • Hi Nitin,

    Thank you for the response.  That is exactly what we thought. 
    Even though, it seems I have another issue when trying to change the "Audit Account Management" setting on the "Default Domain Controllers Policy". 

    After the settings is activated (with Success & Failure), I run gpupdate /force and the setting get reverted to its original value "No auditing"

    I submitted another question for this particular case in MS TechNet Forum: http://social.technet.microsoft.com/Forums/en-US/winserverGP/thread/b7b25b89-169c-4c6e-bca3-c8fa7e247611

    Any comments will be more than welcome!

    Ivan
    Tuesday, January 12, 2010 3:54 PM
  • Hi Ivan,

    I am monitoring that other Thred of yours. Just had a look at it. Will post my next Action PLan there.

    Cheers,
    Nitin
    Tuesday, January 12, 2010 3:59 PM
  • Hi, people...
    for the first problem - the event id 5805 5723 Source: Netlogon - this post asks for solution, I have a clue and a tip for you...
    Normally, it happens if you use ghost or any other image software to distribute OS without "preparing" the reference computer first.
    To solve this problem, next time you create an image to distribute, execute sysprep.exe first.... then you use the ghost softwate to distribute.
    Hope this can help you....
    if you need some more information, reply to this post than I come back here.....

     

    • Marked as answer by Wilson Jia Tuesday, January 19, 2010 4:58 AM
    Friday, January 15, 2010 1:46 PM
  • I am experiencing the exact same problem but this is happening to all new and old machines on my domain. Even ones that were added yesterday!

     

    Has anyone else experienced this problem?

     

    Cheers,

    69

    Friday, September 16, 2011 3:32 AM
  • hello, this happens when the computer does not exist in AD, perhaps was removed from AD, but it was not properly disconnected from Active Directory, ( my pc, right clic, etc.....) and DNS in the forward zone still exists the A record for the machine.

    Delete record A for the machine in DNS Zone forward, and the next time remove tha machine computer correctly from AD, be sure that record was deleted.

    regards


    ADCB

    Friday, September 28, 2012 2:11 PM
  • in our case this helped, when we run the "sysprep" command

    it fix the issue

    but I have a question:

    does the DIS-JOIN and RE-JOIN will do the job because we have approximately 200 Machine running Windows XPE on a cash register and we would like to join them to the domain

    thanks

    Tuesday, August 13, 2013 1:41 AM